This article tells you how to make a 3G connection by using OpenBTS-UMTS and LimeSDR-Mini. At this time connection have been realised but no data work for the moment keep you in touch…
Install the uhd driver
#git clone https://github.com/EttusResearch/uhd.git
# cd uhd
# git checkout UHD-3.10
# sudo apt-get install libboost-all-dev libusb-1.0-0-dev python-mako doxygen python-docutils cmake build-essential
# cd host
# mkdir build; cd build
# cmake ..
# make -j4
# make install
# ldconfig
Install Libosmocore
# cd /root
# git clone git://git.osmocom.org/libosmocore.git
# cd libosmocore
# autoreconf -i
# ./configure
# make
# make install
# ldconfig
# cd ..
Install osmo-trx
# cd /root
# git clone git://git.osmocom.org/osmo-trx.git
# cd osmo-trx
# autoreconf -i
# ./configure --with-lms
# make
# make install
# ldconfig
# cd ..
make -j4
# make install
# ldconfig
SoapySDR and SoapyUHD
# git clone https://github.com/pothosware/SoapySDR
# apt-get install cmake g++ libpython-dev python-numpy swig
# mkdir build
# cd build
# cmake ..
# make -j4
# sudo make install
# sudo ldconfig #needed on debian systems
# SoapySDRUtil --info
# git clone https://github.com/pothosware/SoapyUHD
# cd SoapyUHD
# mkdir build && cd build
# cmake ..
# make
# make install
# ldconfig
LimeSuite
# sudo apt-get install git g++ cmake libsqlite3-dev libi2c-dev libusb-1.0-0-dev
#install graphics dependencies
sudo apt-get install libwxgtk3.0-dev freeglut3-dev
# git clone https://github.com/myriadrf/LimeSuite
# cd LimeSuite
# cd build
# cmake ..
Install Apache Thrift
# apt install composer phpunit
gem update
# cd
# git clone https://github.com/apache/thrift
# cd thrift
# ./bootstrap.sh
# ./configure
# make
# make install
# ldconfig
Install gnuradio
# nano /etc/apt/sources.list
add deb http://deb.debian.org/debian unstable main contrib non-free
# apt update
# apt install gcc-5 g++-5
# update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 15
# update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-5 15
# update-alternatives --install /usr/bin/cc cc /usr/bin/gcc 30
# update-alternatives --set cc /usr/bin/gcc
# update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++ 30
# update-alternatives --set c++ /usr/bin/g++
# update-alternatives --config gcc
# update-alternatives --config g++
and choose gcc and g++ 5
# apt -y install git cmake g++ python-dev swig \
pkg-config libfftw3-dev libboost-all-dev libcppunit-dev libgsl-dev \
libusb-dev libsdl1.2-dev python-wxgtk3.0 python-numpy python-cheetah \
python-lxml doxygen libxi-dev python-sip libqt4-opengl-dev libqwt-dev \
libfontconfig1-dev libxrender-dev python-sip python-sip-dev python-qt4 \
python-sphinx libusb-1.0-0-dev libcomedi-dev libzmq3-dev python-mako
# git clone --recursive git://git.gnuradio.org/gnuradio
# cd gnuradio
# mkdir build
# cd build
# cmake ../
# make -j4
# sudo make install
Installation of gr-osmosdr
# git clone https://git.osmocom.org/gr-osmosdr
# cd gr-osmosdr
# mkdir build
# cd build
# cmake ..
# make
Installation of gr-gsm
# git clone https://git.osmocom.org/gr-gsm
# cd gr-gsm
# mkdir build
# cd build
# cmake ..
# mkdir $HOME/.grc_gnuradio/ $HOME/.gnuradio/
# make
OpenBTS-UMTS
apt install libreadline7 libreadline-dev libosip2-dev libortp9 libortp-dev libzmq5 libzmq3-dev libtool-bin
# pip install zmq
# git clone https://github.com/RangeNetworks/OpenBTS-UMTS
# cd OpenBTS-UMTS
# git submodule init
# git submodule update
# update-alternatives --config gcc
# update-alternatives --config g++
and choose gcc and g++ 5
# git clone https://github.com/RangeNetworks/libcoredumper
cd libcoredumper
./build.sh
# cd coredumper-1.2.1
# autoreconf -i
# ./configure
# make -j4
# make install
# ldconfig
# tar zxvf asn1c-0.9.23.tar.gz
# cd vlm-asn1c-0959ffb/
# nano configure.ac
change
AM_INIT_AUTOMAKE=([-Wall -Werror foreign])
to
AM_INIT_AUTOMAKE=([-Wall foreign])
# autoreconf -i
# ./configure
# make -j4
# make install
# ldconfig
# cd ~/OpenBTS-UMTS
# git clone https://github.com/bbaranoff/OpBTS-LimeMini
# cd TransceiverUHD
# patch -p0 < ../OpBTS-LimeMini/OpBTS1.patch
# patch -p0 < ../OpBTS-LimeMini/OpBTS2.patch
$ sudo NodeManager/install_libzmq.sh
$ ./autogen.sh
$ ./configure
$ make
$ sudo make install
To setup OpenBTS-UMTS, we may need to modify the settings such as ARFCN, DNS, Firewall. Navigate to ~/OpenBTS-UMTS/apps folder and open OpenBTS-UMTS.example.sql file with the preferable text editor. You may need to edit following options:
‘GGSN.DNS’ set to ‘8.8.8.8’ to enable Google DNS.‘GGSN.Firewall.Enable’ set to ‘0’ to disable Firewall.‘UMTS.Radio.Band’ – set the band you are going to use. Select from 850, 900, 1700, 1800, 1900 or 2100.‘UMTS.Radio.C0’ – set the UARFCN. Range of valid values depend upon the selected operating band. Please, ensure that you are using free operating band.'UMTS.Radio.RxGain' "35" To avoid Overpower
Now, we need to create folders and working database:
$ sudo mkdir /var/log/OpenBTS-UMTS
$ cd /etc/OpenBTS
$ sudo sqlite3 /etc/OpenBTS/OpenBTS-UMTS.db “.read OpenBTS-UMTS.example.sql”
$ sudo cp TransceiverUHD/transceiver ~/OpenBTS-UMTS/
$ sudo cp TransceiverUHD/transceiver apps
We also need to setup forwarding in iptables to properly forward data between devices, host machine, and the Internet:
$ iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0
$ echo 1 > /proc/sys/net/ipv4/ip_forward
If you have Internet connection through the another interface (for example, Wi-Fi), you need to change eth0 to the applicable one (i.e., wlan0). Please note, that you need to setup forwarding in iptables every time after you computer rebooted.
It’s important to install Subscriber Registry API and SIP Authentication Server to be able to launch OpenBTS-UMTS. Subscriber Registry controls database of subscriber information and in fact works as HLR (Home Location Registry):
# git clone https://github.com/RangeNetworks/subscriberRegistry.git
# cd subscriberRegistry
# git submodule init
# git submodule update
# autoreconf -i
# ./configure
# make
# make install
# mkdir /var/lib/asterisk/
# mkdir /var/lib/asterisk/sqlite3dir/
# cp apps/comp128 ~/OpenBTS-UMTS/
# cp apps/comp128 ~/OpenBTS-UMTS/apps/
# cp apps/comp128 /OpenBTS
RUNNING !!!
# cd ~/OpenBTS-UMTS/apps
# ./OpenBTS-UMTS
# cd subscriberRegistry/apps
# ./sipauthserve
To add the subscriber to the registry, you need to know IMSI and K_i value of your programmable SIM card. There are two common ways to get the values. The only way to use SIMs from another provider is to obtain the K_i through a roaming interface to the provider’s HLR/HSS. The second way is to buy test SIM-card and flash it using the programmer and pysim utility (http://cgit.osmocom.org/pysim/). Navigate to ~/subscriberRegistry/NodeManager/ and execute:
# git clone https://github.com/osmocom/pySim
# cd pySim
# apt-get install python-pyscard python-serial python-pip
pip install pytlv
# ./pySim-prog.py -j 0
> Name : Magic
> SMSP : e1ffffffffffffffffffffffff0581005155f5ffffffffffff000000
> ICCID : 8901901550000000005
> MCC/MNC : 901/55
> IMSI : 901550000000000
> Ki : bef0ba3847947b0a6fdd5bee6759931a
> OPC : 62d77be45c4cc0636a19a870f20b228b
> ACC : None
(# sudo ./nmcli.py sipauthserve subscribers create “name” imsi msisdn ki
Values imsi, msisdn and ki should be taken from your SIM-card.)
# python2.7 ./nmcli.py sipauthserve subscribers create "Magic" IMSI901550000000000 1234567 bef0ba3847947b0a6fdd5bee6759931a
Now, connect your phone to the network and test 3G. That’s it!
When the connection realise you should see this
EDIT FOR AT THIS TIME PHONE CONNECT AND WITH AN APN THINGS HAPPEN BUT NO DATA AND THIS ERROR PLEASE COMMENT IF YOU HAVE A SOLUTION
OpenBTS-UMTS: TurboCoder.cpp:452: TurboInterleaver::TurboInterleaver(int): Assertion `K >= 40 && K <= 5114' failed.
Abandon
Here are the full log
./OpenBTS-UMTS
1537208977.791910 139964834174592:
OpenBTS, OpenBTS-UMTS
Copyright 2008, 2009, 2010 Free Software Foundation, Inc.
Copyright 2010 Kestrel Signal Processing, Inc.
Copyright 2011, 2012, 2013, 2014 Range Networks, Inc.
Release 1.0-master P formal build date 2018-09-17T18:24:02 d528034ac8 CommonLibs:d528034ac8
“OpenBTS” is a trademark of Range Networks, Inc.
“OpenBTS-UMTS” is a trademark of Range Networks, Inc.
Contributors:
Range Networks, Inc.:
David Burgess, Harvind Samra, Donald Kirker, Doug Brown, Pat Thompson, Michael Iedema
Kestrel Signal Processing, Inc.:
David Burgess, Harvind Samra, Raffi Sevlian, Roshan Baliga
GNU Radio:
Johnathan Corgan
Others:
Anne Kwong, Jacob Appelbaum, Joshua Lackey, Alon Levy
Alexander Chemeris, Alberto Escudero-Pascual
Incorporated GPL libraries and components:
libosip2 (LGPL), liportp2 (LGPL)
This program comes with ABSOLUTELY NO WARRANTY.
Use of this software may be subject to other legal restrictions,
including patent licsensing and radio spectrum licensing.
All users of this software are expected to comply with applicable
regulations and laws. See the LEGAL file in the source code for
more information.
ALERT 139964834174592 20:29:37.9 OpenBTS-UMTS.cpp:166:main: OpenBTS-UMTS (re)starting, ver 1.0-master build date Sep 17 2018
1537208977.916449 139964834174592:
Starting the system…
TBSIZE: 260
RACH radioFrameSize=1200 total=1200 tbsize=256
TBSIZE: 360
FACH SF=64 radioFrameSize=1080 total=1080 tbsize=360
TBSIZE: 260
RACH radioFrameSize=1200 total=1200 tbsize=256
TBSIZE: 360
FACH SF=64 radioFrameSize=1080 total=1080 tbsize=360
RACH TFS: mPresent=2 mMaxTfSize=0 mMaxTbSize=0 multiplexed=1 mTTI=10 mTypeOfChannelCoding=2 mRateMatchingAttribute=256 mCRCSize=16 TF( mTBSize=256 mNumTB=1) TF( mTBSize=256 mNumTB=2)
FACH TFS: mPresent=2 mMaxTfSize=0 mMaxTbSize=0 multiplexed=1 mTTI=10 mTypeOfChannelCoding=2 mRateMatchingAttribute=256 mCRCSize=12 TF( mTBSize=360 mNumTB=0) TF( mTBSize=360 mNumTB=1)
chReserve(64,2)
ALERT 139964834174592 20:29:37.9 UMTSPhCh.cpp:654:chConflict: Attempt to reserve channel: sf=64 chcode=2 which conflicts with reserved channel: sf=32 chcode=1
chReserve(256,2)
ALERT 139964834174592 20:29:37.9 UMTSPhCh.cpp:654:chConflict: Attempt to reserve channel: sf=256 chcode=2 which conflicts with reserved channel: sf=128 chcode=1
chReserve(64,3)
ALERT 139964834174592 20:29:37.9 UMTSPhCh.cpp:654:chConflict: Attempt to reserve channel: sf=64 chcode=3 which conflicts with reserved channel: sf=32 chcode=1
chReserve(256,4)
ALERT 139964834174592 20:29:37.9 UMTSPhCh.cpp:654:chConflict: Attempt to reserve channel: sf=256 chcode=4 which conflicts with reserved channel: sf=128 chcode=2
chReserve(64,2)
ALERT 139964834174592 20:29:37.9 UMTSPhCh.cpp:654:chConflict: Attempt to reserve channel: sf=64 chcode=2 which conflicts with reserved channel: sf=32 chcode=1
Dumping SIB5…
SysInfoType5 ::= {
sib6indicator: FALSE
pich-PowerOffset: -10
modeSpecificInfo: fdd ::= {
aich-PowerOffset: -10
}
primaryCCPCH-Info: fdd ::= {
tx-DiversityIndicator: FALSE
}
prach-SystemInformationList: PRACH-SystemInformationList ::= {
PRACH-SystemInformation ::= {
prach-RACH-Info: PRACH-RACH-Info ::= {
modeSpecificInfo: fdd ::= {
availableSignatures: 20 00
availableSF: 0 (sfpr32)
preambleScramblingCodeWordNumber: 0
puncturingLimit: 15 (pl1)
availableSubChannelNumbers: 00 20
}
}
transportChannelIdentity: 3
rach-TransportFormatSet: CommonTransChTFS ::= {
tti: CommonDynamicTF-InfoList ::= {
CommonDynamicTF-Info ::= {
rlc-Size: fdd ::= {
octetModeRLC-SizeInfoType2: 26
}
numberOfTbSizeList: numberOfTbSizeList ::= {
2
}
logicalChannelList:
}
}
semistaticTF-Information: SemistaticTF-Information ::= {
channelCodingType: 0 (half)
rateMatchingAttribute: 256
crc-Size: 3 (crc16)
}
}
rach-TFCS: TFCS-ReconfAdd ::= {
ctfcSize: ctfc2Bit ::= {
TFCS-ReconfAdd-foo2 ::= {
ctfc2: 0
powerOffsetInformation: PowerOffsetInformation ::= {
gainFactorInformation: SignalledGainFactors ::= {
modeSpecificInfo: fdd ::= {
gainFactorBetaC: 15
}
gainFactorBetaD: 15
}
powerOffsetPp-m: 2
}
}
TFCS-ReconfAdd-foo2 ::= {
ctfc2: 1
powerOffsetInformation: PowerOffsetInformation ::= {
gainFactorInformation: SignalledGainFactors ::= {
modeSpecificInfo: fdd ::= {
gainFactorBetaC: 15
}
gainFactorBetaD: 15
}
powerOffsetPp-m: 2
}
}
}
}
prach-Partitioning: fdd ::= {
ASCSetting-FDD ::= {
accessServiceClass-FDD: AccessServiceClass-FDD ::= {
availableSignatureStartIndex: 0
availableSignatureEndIndex: 0
assignedSubChannelNumber: F0
}
}
}
ac-To-ASC-MappingTable: AC-To-ASC-MappingTable ::= {
}
modeSpecificInfo: fdd ::= {
primaryCPICH-TX-Power: 10
constantValue: -10
prach-PowerOffset: PRACH-PowerOffset ::= {
powerRampStep: 1
preambleRetransMax: 64
}
rach-TransmissionParameters: RACH-TransmissionParameters ::= {
mmax: 32
nb01Min: 0
nb01Max: 50
}
aich-Info: AICH-Info ::= {
channelisationCode256: 2
sttd-Indicator: FALSE
aich-TransmissionTiming: 1 (e1)
}
}
}
}
sCCPCH-SystemInformationList: SCCPCH-SystemInformationList ::= {
SCCPCH-SystemInformation ::= {
secondaryCCPCH-Info: SecondaryCCPCH-Info ::= {
modeSpecificInfo: fdd ::= {
dummy1: 0 (mayBeUsed)
sttd-Indicator: FALSE
sf-AndCodeNumber: 3
pilotSymbolExistence: FALSE
tfci-Existence: TRUE
positionFixedOrFlexible: 0 (fixed)
timingOffset: 0
}
}
tfcs: TFCS-ReconfAdd ::= {
ctfcSize: ctfc2Bit ::= {
TFCS-ReconfAdd-foo2 ::= {
ctfc2: 0
}
TFCS-ReconfAdd-foo2 ::= {
ctfc2: 1
}
}
}
fach-PCH-InformationList: FACH-PCH-InformationList ::= {
FACH-PCH-Information ::= {
transportFormatSet: CommonTransChTFS ::= {
tti: CommonDynamicTF-InfoList ::= {
CommonDynamicTF-Info ::= {
rlc-Size: fdd ::= {
octetModeRLC-SizeInfoType2: 3
}
numberOfTbSizeList: numberOfTbSizeList ::= {
}
logicalChannelList:
}
}
semistaticTF-Information: SemistaticTF-Information ::= {
channelCodingType: 0 (half)
rateMatchingAttribute: 256
crc-Size: 2 (crc12)
}
}
transportChannelIdentity: 1
ctch-Indicator: FALSE
}
}
pich-Info: fdd ::= {
channelisationCode256: 4
pi-CountPerFrame: 0 (e18)
sttd-Indicator: FALSE
}
}
SCCPCH-SystemInformation ::= {
secondaryCCPCH-Info: SecondaryCCPCH-Info ::= {
modeSpecificInfo: fdd ::= {
dummy1: 0 (mayBeUsed)
sttd-Indicator: FALSE
sf-AndCodeNumber: 2
pilotSymbolExistence: FALSE
tfci-Existence: TRUE
positionFixedOrFlexible: 0 (fixed)
timingOffset: 0
}
}
tfcs: TFCS-ReconfAdd ::= {
ctfcSize: ctfc2Bit ::= {
TFCS-ReconfAdd-foo2 ::= {
ctfc2: 0
}
TFCS-ReconfAdd-foo2 ::= {
ctfc2: 1
}
}
}
fach-PCH-InformationList: FACH-PCH-InformationList ::= {
FACH-PCH-Information ::= {
transportFormatSet: CommonTransChTFS ::= {
tti: CommonDynamicTF-InfoList ::= {
CommonDynamicTF-Info ::= {
rlc-Size: fdd ::= {
octetModeRLC-SizeInfoType2: 3
}
numberOfTbSizeList: numberOfTbSizeList ::= {
}
logicalChannelList:
}
}
semistaticTF-Information: SemistaticTF-Information ::= {
channelCodingType: 0 (half)
rateMatchingAttribute: 256
crc-Size: 2 (crc12)
}
}
transportChannelIdentity: 1
ctch-Indicator: FALSE
}
}
}
}
}
SysInfoType11 ::= {
sib12indicator: FALSE
measurementControlSysInfo: MeasurementControlSysInfo ::= {
use-of-HCS: hcs-not-used ::= {
cellSelectQualityMeasure: cpich-Ec-N0 ::= {
}
}
}
}=== Phase1 Encoding SIB MIB
=== Phase1 Encoded SIB MIB size 152 blocks 0.672566
SIB0: bytes: ByteVector(size=19 data: 02 40 4a a5 00 00 44 20 64 20 33 21 91 51 00 30 74 a0 3b)
=== Phase1 Encoding SIB SIB1
=== Phase1 Encoded SIB SIB1 size 94 blocks 0.415929
SIB1: bytes: ByteVector(size=12 data: c4 02 10 8b 20 00 01 00 ce 01 ab 40)
=== Phase1 Encoding SIB SIB2
=== Phase1 Encoded SIB SIB2 size 20 blocks 0.0884956
SIB2: bytes: ByteVector(size=3 data: 00 06 40)
=== Phase1 Encoding SIB SIB3
=== Phase1 Encoded SIB SIB3 size 102 blocks 0.451327
SIB3: bytes: ByteVector(size=13 data: 00 00 00 00 42 c0 60 00 04 b4 ff ff fc)
=== Phase1 Encoding SIB SIB5
=== Phase1 Encoded SIB SIB5 size 466 blocks 2.06195
SIB4: bytes: ByteVector(size=59 data: 80 30 0e 88 00 00 f0 02 14 00 68 2c 0a ff 60 00 32 3f de c7 fb 84 03 c0 00 00 fa 99 1f fc 0c 80 91 e0 40 d0 00 08 22 00 43 08 8b fd 00 04 18 08 12 00 01 04 40 08 61 11 7f a0 00)
=== Phase1 Encoding SIB SIB7
=== Phase1 Encoded SIB SIB7 size 20 blocks 0.0884956
SIB5: bytes: ByteVector(size=3 data: 4a 00 00)
=== Phase1 Encoding SIB SIB11
=== Phase1 Encoded SIB SIB11 size 10 blocks 0.0442478
SIB6: bytes: ByteVector(size=2 data: 01 00)
chReserve(256,0)
ALERT 139964834174592 20:29:37.9 UMTSPhCh.cpp:654:chConflict: Attempt to reserve channel: sf=256 chcode=0 which conflicts with reserved channel: sf=128 chcode=0
chReserve(256,1)
ALERT 139964834174592 20:29:37.9 UMTSPhCh.cpp:654:chConflict: Attempt to reserve channel: sf=256 chcode=1 which conflicts with reserved channel: sf=128 chcode=0
1537208977.936202 139964834174592: Starting the transceiver…
linux; GNU C++ version 7.3.0; Boost_106200; UHD_003.010.003.UHD-3.10-0-gef157678
** Configuring logger
** Using internal clock reference
** Searching for USRP device
– Make connection: ‘LimeSDR Mini [USB 3.0] 1D40ED5D833C8F’
– Reference clock 40.00 MHz
– Device name: LimeSDR-Mini
– Reference: 40 MHz
– LMS7002M calibration values caching Disable
ALERT 140363306453952 20:29:39.5 UHDDevice.cpp:275:parse_dev_type: found: LimeSDR-Mini
** Device ready
ALERT 139964755265280 20:29:46.1 TRXManager.cpp:258:clockHandler: TRX clock interface timed out, assuming TRX is dead.
RTNETLINK answers: File exists
1537208987.152317 139964834174592:
system ready
1537208987.152380 139964834174592:
use the OpenBTS-UMTSCLI utility to access CLI
OpenBTS> ALERT 139964791346944 20:31:19.5 URRC.cpp:615:findUeByAsnId: no match ptmsi=0x15001 raimatch=0 findHandlebyPTmsi-urnti=0x0
31:19.5 UL_CCCH_MessageType_PR_rrcConnectionRequest (new UE) UE#1 URNTI=f292 stIdleMode rbid=0
newState: 1 1
31:19.5 DL_CCCH RRC_Connection_Setup_Message message size=60 UE#1 URNTI=f292 stIdleMode rbid=0
ALERT 139964791346944 20:31:21.7 URRC.cpp:615:findUeByAsnId: no match ptmsi=0x15001 raimatch=0 findHandlebyPTmsi-urnti=0x0
31:21.7 UL_CCCH_MessageType_PR_rrcConnectionRequest (new UE) UE#2 URNTI=f293 stIdleMode rbid=0
newState: 1 1
31:21.7 DL_CCCH RRC_Connection_Setup_Message message size=60 UE#2 URNTI=f293 stIdleMode rbid=0
newState: 2 1
ALERT 139964791346944 20:31:22.0 URLC.cpp:1755:rlcWriteLowSide: stateChange: before 0 0 after 0 0
31:22.2 UL_DCCH_MessageType_PR_rrcConnectionSetupComplete UE#2 URNTI=f293 stCELL_FACH rbid=2
31:22.4 UL_DCCH_MessageType_PR_initialDirectTransfer UE#2 URNTI=f293 stCELL_FACH rbid=3
31:22.4 UL GMM Msg: RoutingAreaUpdateRequest UE#2 URNTI=f293 stCELL_FACH
31:22.4 DL_DCCH RoutingAreaUpdateReject message size=7 UE#2 URNTI=f293 stCELL_FACH rbid=3
31:22.8 UL_DCCH_MessageType_PR_uplinkDirectTransfer UE#2 URNTI=f293 stCELL_FACH rbid=3
31:22.8 UL SM Msg: ActivatePDPContextRequest UE#2 URNTI=f293 stCELL_FACH
31:22.8 DL_DCCH ActivatePDPContextReject message size=6 UE#2 URNTI=f293 stCELL_FACH rbid=3
31:22.8 DL_DCCH GMMStatus message size=6 UE#2 URNTI=f293 stCELL_FACH rbid=3
31:22.8 DL_DCCH DetachRequest message size=6 UE#2 URNTI=f293 stCELL_FACH rbid=3
31:25.7 UL_DCCH_MessageType_PR_uplinkDirectTransfer UE#2 URNTI=f293 stCELL_FACH rbid=3
31:25.7 UL GMM Msg: AttachRequest UE#2 URNTI=f293 stCELL_FACH
31:25.7 DL_DCCH IdentityRequest message size=6 UE#2 URNTI=f293 stCELL_FACH rbid=3
31:41.0 UL_DCCH_MessageType_PR_uplinkDirectTransfer UE#2 URNTI=f293 stCELL_FACH rbid=3
31:41.0 UL GMM Msg: AttachRequest UE#2 URNTI=f293 stCELL_FACH
31:41.0 DL_DCCH IdentityRequest message size=6 UE#2 URNTI=f293 stCELL_FACH rbid=3
32:36.9 UL_CCCH_MessageType_PR_cellUpdate UE#2 URNTI=f293 stCELL_FACH rbid=0
32:36.9 DL_CCCH RRC Cell Update Confirm Message message size=9 UE#2 URNTI=f293 stCELL_FACH rbid=0
32:37.1 UL_CCCH_MessageType_PR_cellUpdate UE#2 URNTI=f293 stCELL_FACH rbid=0
32:37.1 DL_CCCH RRC Cell Update Confirm Message message size=9 UE#2 URNTI=f293 stCELL_FACH rbid=0
32:41.2 UL_CCCH_MessageType_PR_cellUpdate UE#2 URNTI=f293 stCELL_FACH rbid=0
32:41.2 DL_CCCH RRC Cell Update Confirm Message message size=9 UE#2 URNTI=f293 stCELL_FACH rbid=0
32:41.5 UL_CCCH_MessageType_PR_cellUpdate UE#2 URNTI=f293 stCELL_FACH rbid=0
32:41.5 DL_CCCH RRC Cell Update Confirm Message message size=9 UE#2 URNTI=f293 stCELL_FACH rbid=0
ALERT 139964791346944 20:32:42.4 URRC.cpp:615:findUeByAsnId: no match ptmsi=0x15001 raimatch=0 findHandlebyPTmsi-urnti=0x0
ALERT 139964791346944 20:32:42.4 URRC.cpp:533:purgeUEs: Deleting UE#1 URNTI=f292 stIdleMode
32:42.4 DL_DCCH RRC_Connection_Release_Message message size=3 UE#2 URNTI=f293 stCELL_FACH rbid=2
32:42.4 UL_CCCH_MessageType_PR_rrcConnectionRequest (new UE) UE#3 URNTI=f294 stIdleMode rbid=0
newState: 1 1
32:42.4 DL_CCCH RRC_Connection_Setup_Message message size=60 UE#3 URNTI=f294 stIdleMode rbid=0
newState: 2 1
ALERT 139964791346944 20:32:42.8 URLC.cpp:1755:rlcWriteLowSide: stateChange: before 0 0 after 0 0
32:43.0 UL_DCCH_MessageType_PR_rrcConnectionSetupComplete UE#3 URNTI=f294 stCELL_FACH rbid=2
32:43.2 UL_DCCH_MessageType_PR_initialDirectTransfer UE#3 URNTI=f294 stCELL_FACH rbid=3
32:43.2 UL GMM Msg: AttachRequest UE#3 URNTI=f294 stCELL_FACH
32:43.2 DL_DCCH IdentityRequest message size=6 UE#3 URNTI=f294 stCELL_FACH rbid=3
32:43.8 UL_DCCH_MessageType_PR_uplinkDirectTransfer UE#3 URNTI=f294 stCELL_FACH rbid=3
32:43.8 UL GMM Msg: IdentityResponse UE#3 URNTI=f294 stCELL_FACH
PDP of 0 is 0, gmm = e4007740, si = e40068e0
PDP of 5 is 0, gmm = e4007740, si = e40068e0
32:43.8 DL_DCCH AuthenticationAndCipheringReq message size=25 UE#3 URNTI=f294 stCELL_FACH rbid=3
PDP of 0 is 0
32:44.3 UL_DCCH_MessageType_PR_uplinkDirectTransfer UE#3 URNTI=f294 stCELL_FACH rbid=3
32:44.3 UL GMM Msg: AuthenticationAndCipheringResp UE#3 URNTI=f294 stCELL_FACH imsi=901550000000000
PDP of 0 is 0
PDP of 0 is 0
32:44.3 DL_DCCH RRC Security Mode Command message size=15 UE#3 URNTI=f294 stCELL_FACH rbid=2
32:44.6 UL_DCCH_MessageType_PR_securityModeComplete UE#3 URNTI=f294 stCELL_FACH rbid=2
32:44.6 DL_DCCH AttachAccept message size=26 UE#3 URNTI=f294 stCELL_FACH rbid=3
32:45.0 UL_DCCH_MessageType_PR_uplinkDirectTransfer UE#3 URNTI=f294 stCELL_FACH rbid=3
32:45.0 UL GMM Msg: AttachComplete UE#3 URNTI=f294 stCELL_FACH imsi=901550000000000
32:45.9 UL_DCCH_MessageType_PR_uplinkDirectTransfer UE#3 URNTI=f294 stCELL_FACH rbid=3
32:45.9 UL SM Msg: ActivatePDPContextRequest UE#3 URNTI=f294 stCELL_FACH imsi=901550000000000
kbps: 0, ops: 0
configDchPS: UL SF=128 RF=1×300=300 pb=16 turbo=1 maxprecoded=80 tb=0x76=0 coded=0
configDchPS: DL SF=256 RF=1×120=120 pb=16 turbo=1 maxprecoded=20 tb=1×20=20 coded=72
OpenBTS-UMTS: TurboCoder.cpp:452: TurboInterleaver::TurboInterleaver(int): Assertion `K >= 40 && K <= 5114’ failed.
Abandon
hey Bastien, it’s me Dast!! i would like to ask you when you test openairinterface what is the performance of the machine ? could you send me the logfile please ?
how did you get the master key ki? with a simwritter and you are your own provider or by another methods ?
You are right it is with a simwriter and i am my own provider
how about the OAI,any new tutorial with limesdrMini
I will maybe do it i was able to attach right now I see the 4g flag but get no data I will try harder…
GOT DATA!! Tutorial soon… Take a look at this https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fwww.leiphone.com%2Fnews%2F201612%2FIP3S4Z9Z8VwLbfPr.html&edit-text=&act=url and tell me what do you think about ?
if you would like doing redirection attack , have a look about it for the lte : https://conference.hitb.org/hitbsecconf2016ams/materials/D1T1%20-%20Lin%20Huang%20-%20Forcing%20a%20Targeted%20LTE%20Cellphone%20into%20an%20Eavesdropping%20Network.pdf and most of code is on it https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Zhang-Shan-Forcing-Targeted-Lte-Cellphone-Into-Unsafe-Network.pdf have also a look on it for the redirrect on 3G : http://fakebts.com/2017/10/imsicatching-attacks-on-3g-networks-part-1/ . Please tell me when your tutorial is publish
tuto here https://bastienbaranoff.wordpress.com/2018/10/23/openairinterface-4g-lte-with-limesdr_mini/
yes i see the tuto for the limesdrmini OAI, it’s great!!! i’m waiting more powerful computer! my computer is only corei3 and i alway has ULLLLL and LLLL error with it!
what kind of kali did you use for it ?
Hey bastien, any help! when i use ” ../pySim-read.py” with my simcard readwriter, he says that he doesn’t know the serial! i follow this tutorial https://sourceforge.net/p/openlte/wiki/Programming%20you%20own%20USIM%20card/ but when i use sudo pcsc_scan, it run perfectly!! any help ?
i have this error :
./pySim-read.py
Traceback (most recent call last):
File “./pySim-read.py”, line 76, in
sl = SerialSimLink(device=opts.device, baudrate=opts.baudrate)
File “/home/nano/pysim/pySim/transport/serial.py”, line 45, in __init__
baudrate = baudrate,
File “/usr/local/lib/python2.7/dist-packages/serial/serialutil.py”, line 240, in __init__
self.open()
File “/usr/local/lib/python2.7/dist-packages/serial/serialposix.py”, line 268, in open
raise SerialException(msg.errno, “could not open port {}: {}”.format(self._port, msg)) serial.serialutil.SerialException: [Errno 2] could not open port /dev/ttyUSB0: [Errno 2] No such file or directory: ‘/dev/ttyUSB0’ Exception AttributeError: “‘SerialSimLink’ object has no attribute ‘_sl'” in <bound method SerialSimLink.__del__ of > ignored
apt-get install python-pyscard python-serial python-pip
pip install pytlv
according to https://github.com/osmocom/pysim sorry forgot to put it on the blog will do
…
what kind of usim did you use with it ?
Supersim 16 in 1
i have a trouble to connect with OAI, i have a green u-sim and supersim 16 in 1. I don’t know idea of problem so i will try to install openbts-umts and test if the gree u-sim connect with him. the problem of supersim 16 in 1 is that most telephone nowdays doesn’t support micro, only nano!!!
For the 4g i used osmocom usim for openbts umts it is supersim it dont support usim i think
but did you have phone support micro-u-sim with 4g? because supersim is microsim i think !!! Normally it should support 4g. i think my problem is coming on the u-sim also. it’s be nice if you could confirm if the supersim support OAI.
Normal sim
Oai does not support supersim ue and usim from osmocom works with OAI
maybe you have any idea for the OAI, my samsung galaxy 5 see a bew network “208-92(2G)” when i search like lte/Wcdma/gsm auto but with 2g only, it’s see nothing! why it’s show me mcc=208 mnc=92 but like on 2G not 4G. but even for the real operator on search auto , it’s can see 4G for other operator (telma, airtel … on our countrie)
Try with *#0011# umts Phone debug band 7
the name of sim is opencells sim, and i have error when using pysim even i follow this patch : https://www.mail-archive.com/[email protected]&q=subject:%22pysim%5C%5Bmaster%5C%5D%5C%3A+add+support+for+open+cells+SIM+cards%22&o=newest&f=1
Hi Bastian, I did each step like you did it but every time I try to run the openbts says that can not find the device. I have used the limi mini to run the osmo 2g (ok), I’ve re-compiled the osmotrx exactly as you did with only the -lms option but nothings happen. Do you have any idea what could be the cause to get that behavior?
Best regards.